[WAH] Applied Web Application Hacking

By Reino Mostert

3 Days

This training course has been delivered successfully at BlackHat (USA) in the past and is scheduled to be delivered again this year. It will also be delivered at DEFCON and other major conferences this year.

EarlyBird - $2750 (+ GST)

General - $3000 (+ GST)

Late - $3300 (+ GST)

GST is 10% in Australia
Course Abstract:

Most organisations utilise web applications. Due to the exposed nature of web applications and the complex business logic they contain, they are a valuable target for attackers. Throughout this course, focus will be placed on the various vulnerabilities that could affect web applications.
This course will teach you how to analyse web applications for vulnerabilities and how to exploit them, in order to improve your understanding of their inner workings and the associated risks.
Practical exposure to hacking web applications will give developers a deeper understanding of the potential threats and issues that could find their way into the development lifecycle, and will furthermore ensure that penetration testers are well versed in the discovery and exploitation of web related issues.
Key Points:
* Greater understanding of the risks associated with web applications
* A good understanding of the tools and techniques for examining web applications
* Practical skills to exploit a wide variety of web application vulnerabilities
We have been conducting penetration tests against web applications for nearly two decades and have pulled the most relevant and fun hacks we could find into this course.
Come join us and hack hard!

Course Syllabus:

This course is:
* 60% practical and 40% theoretical
* Immersive practicals with a wide spread of coverage
* Delivered by active penetration testers
Key Modules:
Introduction to web technologies
* HTTP basics
* GET and POST requests
* Parameters
* Web servers and web applications
* URL, Base64 and HTML encoding
* Intercepting proxies
* Practical outcome: Understand how GET and POST requests work, and how they can be intercepted
Cookies and Session Management
* How cookies work
* How sessions work
* How to manipulate cookies with Firefox's Development Console
* Practical outcome: Understand how cookies work, and how they can be modified
Introduction to Web Vulnerabilities
* What is a vulnerability?
* Common web vulnerabilities and OWASP Top 10
Client and Server Side Attacks
* Server side controls
* Client side controls
* Bypassing server and client controls with Burp and Firefox's Development Console
* Practical outcome: Understand how to bypass client and server side controls
Broken authentication and authorization
* Identifying broken authorization and authentication controls.
* Exploiting client side redirection
* Practical outcome: Understand how to identify and bypass broken authentication and authorization controls.
Enumeration
* How to find useful information
* Directory listing and brute forcing URLs
* User enumeration and other error conditions
Session identifier disclosure
* The impact of session identifiers
* Practical outcome: Understand how to find and exploit disclosed session identifiers.
Insecure Direct Object References (IDOR)
* Accessing other users' objects via IDOR vulnerabilities
* How to automate IDOR and other brute-force attacks
* Practical outcome: Understand how to enumerate users, brute force accounts and exploit IDOR vulnerabilities.
Local File Inclusion (LFI) vulnerabilities
* How to find local file inclusion vulnerabilities.
* How to exploit local file inclusion vulnerabilities with uploaded files
* How to exploit local file inclusion vulnerabilities when files cannot be uploaded
* Practical outcome: Understand how local file inclusion vulnerabilities can be exploited with and without file upload functionality.
Insecure file upload vulnerabilities
* How web applications use extensions and why they matter
* Web shells and code execution
* Bypassing extension whitelists and blacklists
* Bypassing additional controls such as .htaccess files
* Practical outcome: Understand the basics of file upload exploitation, and how to bypass upload restrictions.
Injection
* The concept of injection
* Different types of injection
* Demonstrating injection
* How to find injection vulnerabilities by fuzzing
Cross-Site Scripting (XSS)
* Introduction to HTML injection and XSS
* Stored, Reflective and DOM XSS
* XSS attack payloads
* SOP and Cookie stealers
* Bypassing XSS restrictions
* Practical Outcome: Understand how reflective cross site scripting vulnerabilities can be identified and exploited, and how to bypass reflective cross site scripting vulnerability filters.
Cross Site Request Forgery (CSRF)
* Introduction to CSRF vulnerabilities
* Using XSS to exploit CSRF
* Practical outcome: Understand how to exploit stored cross site scripting and cross site request forgery vulnerabilities, and how they can be used together.
Command Injection
* Chaining commands for stacked command execution
* Testing and exploiting command injection
* Finding and exploiting blind injection
* How reverse shells work
* Practical Outcome: Understand how to find and exploit both blind and non-blind command injection vulnerabilities.
SQL Injection
* SQL at a glance
* SQL injection introduction
* How to find SQL injection
* How to exploit different SQLi over different databases (Postgres and MSSQL)
* How to use SQL injection to execute operating system commands
* Practical outcome: Learn basic SQL, how SQL injection vulnerabilities can be identified, used to extract information, and execute operating system commands.
Java Deserialization
* How Java serialization and deserialization work
* How to identify and exploit Java Deserialization vulnerabilities with ysoserial
* Practical outcome: Learn how Java Deserialisation vulnerabilities can be identified and used to execute code.

Reino Mostert

Reino is a security analyst at SensePost. He’s been hacking for many years, and brings deep thought and thoroughness to his style of hacking. He’s been giving and developing training for many years.

SensePost is an elite ethical hacking team of Orange Cyberdefense that has been training worldwide since 2002. We pride ourselves on ensuring our content, our training environment and trainers are all epic in every way possible. The trainers you will meet are working penetration testers, responsible for numerous tools, talks and 0day releases. This provides you with real experiences from the field along with actual practitioners who will be able to support you in a wide range of real-world security discussions. We have years of experience building environments and labs tailored for learning; after all, education is at the core of SensePost and Orange Cyberdefense.
